Digital data security

ABSTRACT

Disclosed is a method for increasing the security of storing and archiving digital data and for adjusting the security level, which can be selected on the basis of the type and use of the digital data. The method includes restructuring an original file in the form of a plurality of separate, identifiable blocks. Each block includes a field for the binary elements of the data, and a plurality of fields reserved for items of information that each indicate a useful characteristic related to the block, such as the unique identification code. The blocks are transferred to a plurality of dedicated storage sites. Each block corresponds to at least one storage site. A Cartographic Table is set up, containing the Identification Codes of the blocks and associating therewith the number and address(es) of the dedicated storage site(s), and is transferred into the memory of the system and made secure.

The present invention relates to the field of digital data securement when stored or archived.

The invention more particularly relates to a method enabling, on the one hand, the securement of storage and archiving of digital data from any source to be increased and, on the other hand, by the very design of said method, the security level to be modulated, which level can be selected as a function of the nature and usage of said digital data.

Besides known data encryption devices, there are today several principles for the secure storage of digital data, among which can be mentioned:

-   RAID (Redundant Array of Independent Disks) technologies, which consist in storing a file, cut into bits, on different disks according to several cutting and security levels. Thus, different types of RAID storage are known and they are distinguished in particular by the redundancy systems used;
-   the information storage method called CAS (Content Addressed Storage), which allows access to data recorded in a storage space using an identification key, the preservation of which is necessary to retrieve the data preserved.

In parallel, in the telecommunication field, packet transmission principles are well known which consist in cutting a data file to be transmitted into a plurality of totally independent data packets and reconstituting the entire file when all the packets have reached their destination, for example, the public network TRANSPAC, operational since 1978.

However, the combination of these different concepts from the prior art has never yet been implemented.

On the other hand, the methods of the prior art require many computing resources and require complex organisation or devices.

Furthermore, they do not offer the possibility to adapt the security level to the nature of the data to be protected.

SUMMARY OF THE INVENTION

Provided herein is a device enabling a digital data file to be split into different elements, each of which can then be stored in a distinct space, preferably in different and geographically distant physical places. This storage mode relies on the current “cloud” principle: where the information is stored is not really known, but it can be examined and retrieved without difficulty. However, with the “cloud”, the information is stored in full at a determined place, such that its confidentiality is not ensured at all.

The device provided here ensures strong confidentiality of data insofar as direct access to the storage bays where it is preserved will never enable the complete data to be obtained, because it will have been cut beforehand into fragments or blocks. On the other hand, this technique is applied regardless of the storage device used, which may or may not further enhance data security.

Only someone who has access rights can bring all the fragments back together consistently.

A first object of the invention is to associate several techniques, partly known per se, in a novel combination, with a view to improving the overall securement of the storage or archiving of digital data whose binary elements are gathered in an origin file, in particular by enabling each of the security criteria, namely availability, integrity, confidentiality and traceability of said data, to be improved.

Within this scope, a first aspect of the invention relates to identification and authentication of the initiator (physical person or hardware) of a request from a management centre of the method of the invention, related to storage or archiving of an initial file F0 of digital data, under conditions guaranteeing its origin or integrity, from the management centre.

A second aspect of the invention relates to processing said initial file F0 of digital data in order to restructure it as a number of independent and identifiable blocks gathered in the file of blocks FB.

A third aspect of the present invention relates to the distribution of the identified and formatted blocks within a plurality of third-party storage or archiving sites, wherein a site can store several blocks and a block can be present in several sites.

It will be noted that the functional modes and operational parameters of the method of the invention are assigned to each block and are indicated in the specific fields constituting the format of said block.

After reading each block, a transmitter/receiver device transmits data blocks to their dedicated storage sites and, in parallel, the central processor unit (CPU) builds a so-called “mapping table” essentially enabling the single identification code of a block to be associated with the number and addresses of the respective storage sites of said block. The importance of this mapping table is significant insofar as it contains no reference to the binary elements of the data assigned to each block but, on its own, enables all the complete blocks distributed in a plurality of sites to be recovered, which is a process prior to any reconstitution of the original file F0.

Consequently, the method of the invention has to implement any appropriate known means to ensure securement of this mapping table.

As an extension of the purpose of enhancing digital data securement, a fourth aspect of the invention relates to the optional encryption of data assigned to different blocks by applying different encryption modes that rely on algorithms and keys, wherein these modes can vary from block to block.

The knowledge of said modes will of course be necessary upon encrypting data. However, for security purposes, the algorithms and keys used will not be integrated within any field of the block format but, rather, they will be stored in the corresponding mapping table, the characteristics of which have already been discussed.

Still for the same purpose, a fifth aspect of the invention relates to the calculation of the fingerprint of each block, the result of which will also be stored in the mapping table and will thus make it possible to check the integrity of the data assigned to each block when it comes back from the dedicated sites in order to reconstitute the origin file F0.

A second purpose of the invention is to enable the optimum security level SL to be implemented to be selected as a function of the nature of the data, its importance in the different fields in question, or even its confidentiality and permanence.

A sixth aspect of the invention describes means which lead to a possible selection of the security level SL. Among these means, the essential element is in the form of a decision table which defines, for different security levels, from the lowest to the highest, the functional modes and values of operational parameters enabling each of the security levels provided in the decision table to be reached.

Said security level SL is selected upon entering the origin file F0, and the decision table is interpreted and executed by the CPU of the management centre until the corresponding mapping table is obtained.

A seventh aspect of the invention relates to the reconstitution of the initial file F0 using mapping tables preserved in a memory and secured, which do not contain any data to be protected but provide the information necessary to such a reconstitution.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will be better understood using the detailed description below and the appended figures in which:

FIG. 1 represents a flowchart of the first phase of the method according to the invention;

FIG. 2 represents a flowchart of the second phase of the method of the invention completed by the implementation of the optional fingerprint calculation of each block;

FIG. 3 represents a flowchart of the third phase of the method of the invention;

FIG. 4 represents a flowchart of the implementation of the optional encryption process for data assigned to each block;

FIG. 5 represents a flowchart of the method of the invention implementing the selection of the security level;

FIGS. 6a, 6b, 6c and 6d represent partial flowcharts of the process for reconstituting the initial file F0.

DESCRIPTION OF SOME EMBODIMENTS

In the following, the terms store and archive, or storage and archiving, will be used interchangeably.

FIG. 1 represents the flowchart of the first aspect of the present invention.

A request R_(q) is addressed by a requestor to the management centre (M) in charge of digital data storage or archiving and, more particularly, of ensuring securement of said data, which has the form of an origin file F0 recorded on any medium.

The management centre (M) 1 has appropriate means:

-   for identifying and authenticating the requestor, and for providing evidence of the existence of said data on the date of the request;
-   for guaranteeing the origin and integrity of the file of data that the management centre 1 is committed to store or archive while maintaining its integrity, confidentiality and permanence.

To do this, a client data base 3 associated with a clock 4 enables the first aforementioned purpose to be achieved, but, for the other guarantees, the central processing unit (CPU) 2, associated with fingerprint calculation means 6 for the file F0, is necessary, which could thus lead to an electronic signature 7, in the case where the signer is a physical person, or to an electronic seal 7 if the signer is an artificial person or a machine.

It is also possible, for example, to calculate said fingerprint and send it to an electronic timestamping service which associates with this fingerprint an order number, a date and a time and seals all of them.

A preferred embodiment of the present invention further contemplates making electronic signatures by relying on an asymmetric encryption algorithm based on the use of a key pair. The principle consists in, after calculating the fingerprint of the file, encrypting the latter with a private key only controlled by the signer.

When all these precautions have been taken, the digital data of the origin file F0 as well as the fingerprint F(F0) of the file F0 are transferred into the system memory 5 of the management centre 1.

The second aspect of the present invention is illustrated by the flowchart of FIG. 2 relating to one embodiment of the second phase of the method of the invention, intended to restructure the origin file F0 8 as a plurality of independent and identifiable data blocks.

By “block”, it is meant a series of binary elements taken, in their initial order, from the digital data of the file F0 8 and having a format of several fields, among which:

-   a first field reserved for the single identification code IC 9 of said block, consisting of a label F0* specific to the file F0 and the order number ON definitely assigned to said block when being formed;
-   a second field, called a data field 10, gathering the binary elements of data assigned to said block;
-   several other fields intended for operational indicators, the respective contents of which will change during the process, as will be described subsequently.

The blocks are built in such a way that all the binary elements, taken in their initial order, of the data of the origin file F0 satisfy a one-to-one identity relationship with all the binary elements of the data contained in all the blocks successively considered according to their order number ON.

For forming a block, the CPU 2 associated with a counter 11, executing the instructions of a first programming law, takes 12, from the file F0 8, a number “l” of binary elements “be” in their initial order to fill the “data” field 10 of the forming block, and it simultaneously assigns to it, in the dedicated field, the single identification code IC 9 consisting of the label F0* specific to the file F0 and the order number ON indicative of the position of the binary elements taken in the file F0 8 and assigned to said block “i”.

The number “l” represents the block size.

Said first programming law associated with the formation of the blocks 13 defines the first operational parameter, that is, the total number of blocks “k”, given that the larger the number of blocks “k”, the better the data confidentiality.

Said first law also determines a second operational parameter by imposing that the size “l” of the blocks is constant for all the blocks (to the closest unit) or is variable from block to block, blocks of variable size contributing, like the increase in the number “k”, to the improvement of data confidentiality.

According to one embodiment, the processor of the CPU 2 executing the instructions of the first programming law can use a procedure for counting the binary elements, block by block, such that the size of the blocks is constant and, for example, equal to BE/k=l, where BE represents the total number of binary elements “be” contained in the file F0 8, automatically calculated, for example, upon entering said file F0 8 after examining the initial request R_(q).

All the blocks will then show a value “l” in the block size field 14, indicative of the block size. The last block can possibly be incomplete depending on the value of the ratio BE/k, and the size “l′” of this block will be lower than “l”.

According to another option, the procedure for counting the binary elements “be” assigned to each of the “k” blocks can be random, and the indicators l_(i) appearing in the respective block size fields 14 will consequently be variable.

If block management problems appear related to the physical size of the entire block, filling characters can be used such that their size becomes equal.

The blocks thus formed and formatted are recorded one after the other in a file of blocks FB 15 that can be stored in the system memory 5 or, preferably, in an auxiliary cache memory 5′ with quicker access, said file of blocks FB 15 consisting, in a preferred embodiment, of a simple queue, for example, of the FIFO type.

FIG. 2 represents in its left part (without block fingerprint calculation) the content of the blocks 9, 10, 14 of the file of blocks FB 15 at this stage in the method, illustrating the identification code 9 (label of the file F0* and order number ON of the block), the block size indicator l_(i) and the binary elements be_(i) assigned to this block.

In a preferred embodiment, illustrated in the right part of FIG. 2 (with block fingerprint calculation), a further block processing, intended in particular to ensure at any time the integrity of the binary elements “be” assigned to each block, consists in calculating the fingerprint of each block as soon as it is formed by the conventional calculation means 6 having several possible algorithms stored in 6′ and, preferably, using two different fingerprint algorithms. The results F_(i) of the block fingerprint calculations are gathered in a first table called a “fingerprint table” FT 16 essentially consisting of two columns enabling each block identification code IC_(i) to be associated with the corresponding fingerprint value F_(i) associated with its calculation algorithm ae_(i).

Said fingerprint table FT 16 is arranged such that it can be combined without difficulty with other tables, as will be subsequently described. It is also possible to directly record information from the fingerprint table into the final mapping table. This possibility also exists for the other modes investigated hereinafter.

As soon as the file of blocks FB 15 is full and preserved in the memory 5 or 5′, the method activates the instructions of the second programming law implemented according to FIG. 3.

FIG. 3 represents a flowchart of one embodiment of the third aspect of the invention.

This step consists in implementing a second programming law, the execution of which by the processor of the CPU 2 includes the following steps of:

-   assigning 17 to each of the different blocks of the file of blocks FB 15 one or more address(es) of available third-party site(s) recorded in 18 for storage or archiving, wherein the third-party sites can be local, delocalised or even result from the current “cloud” principle;
-   indicating, in parallel, in the appropriate “site” field 19 of the format of each block, the number j_(i) and the respective addresses si_(k) of the dedicated sites. The set of blocks thus formatted makes up the new file of blocks FBS 23 preserved, for example, in the memory 5′;
-   and then transmitting, by conventional and appropriate communication means 20, each block to the dedicated storage site(s) 21.

According to a preferred embodiment, the processor of the CPU 2 extracts the blocks of the file FB 15, block by block, and from a list of addresses of available storage sites 18, it assigns, randomly or in a parameterised way, one or more site(s) to each of the blocks by writing the number j_(i) and the corresponding address(es) si_(k) in the “site” field 19 of the block format reserved therefor, and then it transfers the block to the transmitter/receiver device T/R 20 which, after reading the addresses, transmits the block to the dedicated storage site(s) 21.

The multiplicity of said storage sites increases the complexity of gathering the blocks thus disseminated and, consequently, enhances data confidentiality. However, for management reasons, it is possible to moderate the random nature of assigning said sites by setting beforehand a maximum number of sites for a given block and/or for all the blocks.

FIG. 3 also shows that, simultaneously with assigning the sites, the processor of the CPU 2 builds a table which will be designated as the mapping table MT 22. The latter consists of two columns: the first column successively records the identification codes IC_(i) of all the blocks and the second column indicates the number j_(i) and the addresses of the storage sites si_(i1), si_(i2), . . . , si_(ij) assigned to each block identified in said first column.

Other embodiments can be contemplated by those skilled in the art. For example, it is possible to establish, from the file of blocks FBS 23, recorded beforehand in the cache memory 5′, which gathers all the blocks after assigning the third-party sites, a plurality of queues 24, one per dedicated site, also recorded in the auxiliary cache memory 5′, and each gathering a set of blocks intended for the same dedicated site, which enables them to be transferred to the respective sites in a single transmission operation.

After each emission, the transmitter/receiver device 20 of the management centre 1 receives acknowledgements from the different sites. If an incident occurs, a new emission of the block(s) in question is performed, as happens conventionally.

However, this procedure also justifies keeping the file FBS 23 in the memory 5′, although it is likely to be erased subsequently.

Said mapping table MT 22 is of great interest insofar as it contains no trace of the binary elements assigned to each block but enables, on its own, the set of complete blocks distributed in a plurality of storage sites to be recovered, which is a process prior to any subsequent reconstitution of the origin file F0 8.

The mapping table MT 22 thus has to be secured by conventional means, for example, by being preserved in the memory 5 and saved on the site of the management centre 1, but it can also be preserved on one or more distant third-party site(s), with the proviso that it is encrypted in order to fulfil the confidentiality sought.

Within the scope of the preferred embodiment which implements the application of the fingerprint calculation 6 of each block and which leads to establishing the fingerprint table FT 16, the latter 16 will be combined with the first type of mapping table MT 22 to result in a second type of final mapping table FMT 25 now consisting of three columns and associating with each block identified by its code IC_(i) both said result of the corresponding fingerprint calculation and the number j_(i) and the addresses si_(i1), s_(ik), . . . of the storage sites dedicated to said block.

The mapping table FMT 25, like the mapping table MT 22, requires, for the same reasons already mentioned, to be secured according to the same aforementioned means.

With the last acknowledgement from the last site to which the last block has been transmitted, the mapping table MT or the table FMT thus completed is recorded in the system memory 5. This can trigger erasing of the intermediate files FB 15 and FBS 23 and that of the origin file F0 8 and, possibly, that of their respective copies.

Indeed, the mapping table MT or the table FMT, associated with the content of all the fields of each block stored or archived in the different third-party sites, provides all the information necessary to reconstitute, at the desired time, the origin file F0 8, which prompts, as has already been suggested, securing the tables MT and FMT, the only ones able to bring back the blocks distributed between the third-party sites.

FIG. 4 represents a flowchart of another preferred embodiment implementing an optional procedure enabling securement of data to be enhanced and, in particular, its confidentiality to be enhanced by involving encryption of said data.

As is indicated in FIG. 4, the application of the encryption process made in 26 occurs, for security reasons, as soon as possible after a block has been formed.

Thus, for example, as soon as the i^(th) block is formed, that is, its identification code IC_(i) is determined as well as its size l_(i) and the binary elements be_(i) assigned thereto, the processor of the CPU 2 selects, essentially randomly from several encryption modes (algorithms and keys) (symbolised by “ectm”) 28, a mode ectm_(i), for example, for said first block “i”.

It is important to note that, from the encryption mode “ectm” selected in 28, the information necessary to the encryption of said data is also deduced. Consequently, for security reasons, it is essential not to integrate the applied mode “ectm” within the blocks before they are transferred to a plurality of dedicated storage sites.

After said “ectm” mode is applied, the initial data “be” are replaced with the encrypted data “be*” and the block corresponding to these encrypted data joins the new file of encrypted blocks FB* 29, which is stored in the cache memory 5′.

As soon as an encryption mode “ectm” is assigned to a block, the processor of the CPU 2 simultaneously establishes a table, called an “encryption table” Ectt 30, having two columns, the first column listing the identification codes IC of the blocks and the second column associating with each identification code IC_(i) the encryption mode ectm_(i) used for this block.

By combining the encryption table Ectm 30 with the first type of mapping table MT 22 obtained after the blocks are distributed in their respective storage sites, a third type of final mapping table ECT 31 with three columns is established, linking identification codes IC, encryption modes “ectm”, numbers “j” and addresses “si” of the dedicated storage sites.

In the same way, if the option of calculating the block fingerprints F is also applied, the fourth type of final mapping table FHMT 32, taking the fingerprint table FT 16 into account, will consist of four columns linking identification codes IC, encryption modes “ectm”, fingerprints F, numbers “j” and addresses “si” of the dedicated storage sites.

For identical reasons, the tables ECT and FHMT are secured, as has been previously mentioned.

FIG. 5 represents a flowchart of the means used in the previous aspects of the present invention in order to implement them to fulfil the requirements of a security level SL selected beforehand.

Depending on the nature, confidentiality, criticality or the like of the data to be stored or archived, the desired security level can vary, and an optimum security level is often sought with respect to the real security need, but also with respect to the processing time, cost and complexity of the securement means involved.

The central element enabling the security level to be modulated consists in establishing beforehand a decision table DT 33 defining the functional modes and the values of operational parameters corresponding to the different selectable security levels SL, in particular upon entering the request R_(q) for protecting the origin file F0 8.

According to a preferred embodiment, the functional modes and operational parameters selected by the decision table DT 33 as a function of a determined security level SL relate to:

-   the number of blocks k, given that the higher k, the more the size l of the blocks will tend to decrease and the better the confidentiality,
-   the number of storage sites, which also enables the confidentiality to be improved if the number of sites increases,
-   the number of copies, that is, the number of sites storing a same block, wherein said copies can intervene in case of defects observed relating to the integrity of the blocks,
-   performing (Yes/No) the fingerprint calculation F for each block, enabling, if the choice is positive, the integrity of the blocks to be better ensured upon reconstituting the origin file F0,
-   performing (Yes/No) the data encryption, enabling, if the choice is positive, the confidentiality of these data to be enhanced.

A look-up table 35 gathers all the functional modes and operational parameters available, the multiple combinations of which are likely to determine the different security levels SL.

The decision table DT 33 is implemented by the processor of the CPU 2 after the security level SL is selected.

Once the security level SL is determined, the functional modes and operational parameters corresponding to the choice of the decision table DT 33 are recorded, for example, in an auxiliary cache memory 34 reserved for said parameters, for control purposes in case of possible subsequent dysfunction.

The CPU 2 then implements all the processes, previously described separately to highlight the different essential steps of the method of the invention, including the different options likely to be taken into account by the decision table 33.

The final mapping tables, regardless of their types, MT, FMT, ECT, FHMT, are, as has already been described, transferred into the system memory 5 and secured appropriately. It is also possible to use only a single mapping table directly updated as the blocks are constituted.

After the acknowledgement for writing the last block from the last dedicated storage site is returned, and after the securement of said final mapping tables is implemented, in particular after they are recorded in the system memory 5, it is possible to contemplate deleting the origin file F0 8, with the proviso that its fingerprint F(F0), calculated upon entering the request R_(q) according to an algorithm determined by the management centre 1, is preserved in the memory 5.

FIGS. 6a, 6b, 6c and 6d represent several schemes and functional flowcharts relating to the fourth phase of the method of the invention, the implementation of which results from a request regarding the reconstitution of the origin file F0 8.

To do this, a first step, executed by the CPU 2 (FIG. 6a), is to emit a signal “S”, by any appropriate transmission means, towards all the dedicated storage sites the addresses of which are read in the final mapping table (MT, FMT, ECT, FHMT) 22, 25, 31, 32 preserved in the memory 5.

The signal “S” is designed to indicate that the blocks to be extracted only relate to those which contain in their “identification” (IC) field the flag F0* specific to the origin file F0.

In a second step (FIG. 6b), the reception system 20 gathers all the blocks which come to it from the different sites 21 in a file of blocks FR 36.

The CPU 2 then implements, on the blocks of the file FR 36, a sorting procedure according to a conventional algorithm the sorting key of which is the order number ON of the block, given that only one block corresponds to an order number ON and this number is found in the identification code IC of the block, to result in establishing two files, FR1 38 and FR2 39.

The first file FR1 38 contains a set of blocks which differ from each other by at least their order number ON, the second file FR2 39 gathering all the blocks that have been stored in several dedicated sites and which are in the form at least of replications.

At this stage in the method, a first check for its proper operation consists in observing that the number of blocks of the file FR1 38 is equal to the number “k” of blocks of the origin file F0.

Furthermore, a test relating to the integrity of the data assigned to each block can be performed from the file FR1 38. Thus, FIG. 6c introduces the functional flowchart associated with said integrity test.

For all the blocks of the file FR1 38, the process is the following one: in block “i”, the total number of binary elements be_(i) in the “data” field is counted and this is compared to the value l_(i) written in the “block size” field. In case of equality, the process goes on for the next block i+1; otherwise, in case of inequality, it is possible to search whether the block “i” is included in the file FR2 39 and the analogous test cycle is resumed.

This demonstrates another interest in storing a given block in more than one dedicated site in order to ensure integrity of the data assigned thereto.

Another integrity test is possible if the block fingerprint calculation is a selected option. Thus, from the file FR1 38, for each block “i”, a fingerprint calculation Fi′ is undertaken, using the same algorithm ae_(i) indicated in the final mapping table FMT 25 or FHMT 32 preserved in the memory 5, which also gives the fingerprint result F_(i) corresponding to the same block “i” which was present in the origin file F0.

The comparison between the fingerprints Fi′ and F_(i) enables the integrity of data after it is stored to be checked.

FIG. 6d represents the final step of reconstituting the origin file. According to one embodiment, the CPU 2 takes in 40 the binary elements present in the “data” field of each block of the file FR1 38 and transfers them into a queue 41 according to the same consideration of the order numbers ON as during the taking performed in 12 over the course of the second phase of the method of the invention (FIG. 2).

A conventional concatenation operation 42 on the records of binary elements of the queue 41 results in the final file F0_(bis) 43, which should be identical to the origin file F0. To check this, it is sufficient to compare in 45 the fingerprint F(F0) of the origin file F0 calculated by the management centre 1 and preserved in the memory 5 with the fingerprint F(F0_(bis)) of the reconstituted file F0_(bis) calculated in 44 by the management centre 1 according to the same calculation algorithm.
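The following sketch, added here as an illustration and not taken from the patent, carries the method from block formation through distribution, the three-column mapping table FMT and reconstitution, using the constant-size option and falling back to a replica when a copy fails its integrity test. SHA-256 as the fingerprint algorithm, in-memory dictionaries standing in for storage sites, and all function names are assumptions.

```python
import hashlib
import random

AE = "sha256"  # fingerprint algorithm "ae" (assumed choice, not named by the patent)


def fingerprint(data: bytes, ae: str = AE) -> str:
    return hashlib.new(ae, data).hexdigest()


def form_blocks(f0: bytes, label: str, l: int) -> list[dict]:
    """Second phase: take l binary elements at a time, in their initial order.
    The last block may be shorter than l."""
    blocks = []
    for on, offset in enumerate(range(0, len(f0), l), start=1):
        be = f0[offset:offset + l]
        # IC = (label F0*, order number ON); "size" is the block size field.
        blocks.append({"ic": (label, on), "size": len(be), "data": be})
    return blocks


def distribute(blocks: list[dict], sites: dict, copies: int, rng: random.Random) -> dict:
    """Third phase: assign each block to `copies` sites and build the FMT.
    The FMT holds IC, fingerprint and site addresses, never the data itself."""
    fmt = {}
    for block in blocks:
        chosen = rng.sample(sorted(sites), copies)
        stored = dict(block, sites=chosen)  # "site" field of the block format
        for address in chosen:
            sites[address][block["ic"]] = dict(stored)  # one copy per site
        fmt[block["ic"]] = {"ae": AE,
                            "F": fingerprint(block["data"]),
                            "sites": chosen}
    return fmt


def block_is_intact(block, entry: dict) -> bool:
    """Both integrity tests: size field vs. data length, then Fi' vs. Fi."""
    if block is None or len(block["data"]) != block["size"]:
        return False
    return fingerprint(block["data"], entry["ae"]) == entry["F"]


def reconstitute(fmt: dict, sites: dict, f0_fingerprint: str) -> bytes:
    """Fourth phase: fetch blocks by IC, sort by ON, verify, concatenate."""
    parts = []
    for ic in sorted(fmt, key=lambda code: code[1]):
        entry = fmt[ic]
        for address in entry["sites"]:  # first copy, then its replications
            block = sites[address].get(ic)
            if block_is_intact(block, entry):
                parts.append(block["data"])
                break
        else:
            raise ValueError(f"no intact copy of block {ic}")
    f0_bis = b"".join(parts)
    if fingerprint(f0_bis) != f0_fingerprint:
        raise ValueError("F(F0bis) differs from F(F0)")
    return f0_bis


def demo():
    # Constructed sample input: 200 bytes, so l = 32 gives 7 blocks.
    f0 = b"constructed sample payload for the origin file F0 " * 4
    sites = {f"site-{n}": {} for n in range(1, 6)}
    fmt = distribute(form_blocks(f0, "F0*", 32), sites,
                     copies=2, rng=random.Random(7))
    f_f0 = fingerprint(f0)  # F(F0), kept by the management centre

    # Corrupt one stored copy without changing its length: the size test
    # passes, the fingerprint test fails, and the replica is used instead.
    ic = ("F0*", 3)
    first_site = fmt[ic]["sites"][0]
    sites[first_site][ic]["data"] = b"X" * sites[first_site][ic]["size"]

    recovered = reconstitute(fmt, sites, f_f0)
    return f0, fmt, sites, recovered


if __name__ == "__main__":
    original, table, _, rebuilt = demo()
    print(len(table), "blocks, reconstituted correctly:", rebuilt == original)
```

A same-length corruption defeats the block-size comparison on its own, which is why the fingerprint option matters when replicas are the recovery path.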

Whether or not options intended to better ensure the integrity and confidentiality of the data to be stored are selected through the decision table 33, the final mapping tables MT 22, FMT 25, ECT 31 and FHMT 32 play a decisive part in the process for reconstituting the origin file F0.

Indeed, they provide the essential information necessary for said reconstitution, insofar as they enable not only the storage sites of the different data groups to be located, but also the following relationships to be established:

-   between identification code IC, fingerprint value F and algorithm used “ae”, and/or
-   between identification code IC and encryption mode “ectm”, the knowledge of which is essential for the subsequent encryption.

It will also be noted that none of the latter information essential to the reconstitution of the origin file F0 appears in the blocks.

Consequently, it is important to highlight the fact that said final mapping tables MT 22, FMT 25, ECT 31 and FHMT 32 are preserved in the memory 5 of the management centre 1 and, further, saved as well as secured by any means, as has already been mentioned.

Different modifications can be made to what has been described herein in the embodiments and their implementation of the method of the invention without departing from the scope of the invention.

1. A method for improving the temporary or permanent digital data securement for storing or archiving purposes, comprising a new combination of three distinct phases: the first phase consisting in: a) identifying and authenticating the request (R_(q)) of a user wishing to protect his/her own digital data presented as an initial file (F0); b) calculating the fingerprint F (F0) of the file (F0) according to appropriate algorithms in order to constitute an evidence of the existence of said data on the date of said request (R_(q)), for example, using an electronic time stamping, as well as guarantee the origin and integrity of said data through relying on an electronic signature or an electronic seal; c) transferring said digital data and the fingerprint F (F0) of said initial file (F0) in a memory of the system and ensuring the implementation of said method under control of the management centre (G), and d) entering, if need be, the operational parameters required for the operation of said method; the second phase consisting in: e) applying to the central processing unit (CPU) a first programming law enabling the origin file (F0) to be restructured in the form of a plurality of independent and identifiable blocks the constant or variable size “l” and number “k” of which are determined in said first law, wherein the concatenation of said blocks must enable said origin file (F0) to be subsequently reconstituted, said blocks being structured according to a format having a “data” field intended to the binary elements “be” of the respective data specifically assigned to each of said blocks and several fields reserved to several information each indicating a useful characteristic related to said block, said information comprising the single identification code of the block, abbreviated as the acronym (IC), and possibly the size “l” of said block, the set of the blocks thus formed and formatted making up the file of blocks (FB), which is recorded in the memory; and the third phase consisting in: f) applying by the CPU a second programming law enabling the blocks of the file of blocks (FB) to be transferred to a plurality of storage sites, each block corresponding to at least one storage site, wherein the storage sites can be local, distant or processed in a “cloud” mode and can further use, internally, all the conventional securement means; g) inserting in the format of each block a further field intended to contain the number and addresses of the respective third-party sites to which said block has to be transferred, all of the blocks thus formatted being gathered in the file (FBS); h) and then transferring, by any appropriate transmission means, either block by block, or per site, all of the blocks of said file of blocks (FBS) to the dedicated respective sites; i) then establishing, from said file of blocks (FBS) a first type of final mapping table (MT) having the form of a table with two columns, the first one recording the identification codes (IC) of the blocks and the second one associating with each said identification code (IC) the number and address(es) of the dedicated storage site(s); and j) transferring the final mapping table (MT) thus obtained into the memory of the system and appropriately securing it.
2. The method according to claim 1, further comprising encrypting the digital data contained in the blocks of the file of blocks (FB) according to appropriate encryption modes “ectm” (algorithms and keys), that can vary from block to block, thus transforming the file (FB) into a file (FB*) containing the encrypted data; for security purposes, an encryption table (Ectt) is established enabling matching between a block determined by its single identification code (IC) and the encryption modes “ectm” implemented to encrypt the data of said block; said encryption table (Ectt) is intended to be combined with said mapping table (MT) to establish the second type of final mapping table (ECT) indicating, for each block, the single matching between identification code (IC), number “j” and addresses of the third-party storage sites “si” and encryption mode “ectm”; rather than working on several mapping tables and then combining them, it is also possible to work directly on the final mapping table.
3. The method according to claim 1, wherein the method enables calculation according to several possible algorithms “ae” the fingerprint F of each block formed and formatted in step e) and to build in parallel a fingerprint table (FT) establishing the single link between block identification code (IC) and fingerprint (F) of said block associated with the algorithm “ae” used; said fingerprint table (FT) is then combined with: either the mapping table (MT) to form the third type of final mapping table (FMT), with three columns uniquely connecting for each block, identification code (IC), number and addresses of the storage third-party sites (j, si) and fingerprint plus algorithm (F, ae), or the encrypted mapping table (Ectt) to form the fourth type of final mapping table (FHMT) with four columns uniquely connecting, for each block, identification code (IC), number and addresses of the storage third-party sites (j, si), fingerprint plus algorithm (F, ae), and encryption mode (ectm); regardless of the final mapping table (MT, FMT, ECT, FHMT) obtained, it is transferred into the system memory and appropriately secured; rather than working on several mapping tables and then combining them, it is also possible to work directly on the final mapping table.
4. The method according to claim 1, wherein the method enables a modulation of the security level (SL) suitable for storing or archiving a set of digital data gathered in an origin file (F0); a decision table (DT) defines the combinations of the functional modes and operational parameters which result in different determined security levels (SL), wherein said security level (SL) can be selected upon entering the origin file (F0); the functional modes and operational parameters defining a security level (SL) relate to: the number “k” of blocks; the size “l” of the blocks (fixed/variable); the total number of dedicated sites “j”; the number of copies, that is the number of different sites storing the same block; performing (Yes/No) the calculation of fingerprints (F); performing (Yes/No) the data encryption process; after selecting a given security level (SL), the processor of the CPU takes into account the functional modes and operational parameters defined in the decision table (DT) matching the selected security level (SL) and transfers them into a further auxiliary cache memory connected to the CPU and reserved to the modes and parameters used for obtaining said security level (SL) and then the CPU performs the respective instructions associated with said selection, as has been already described; the different final mapping tables (MT, FMT, ECT, FHMT) are transferred into the system memory and appropriately secured.
5. The method according to claim 1, further comprising a fourth phase related to reconstitution, upon request, of the origin file (F0) including the following steps of: k) emitting, from the management centre, to all the dedicated storage sites listed in the mapping table (MT) preserved in the system memory, a signal (S) for extracting, from the storage means present in said dedicated sites, all the blocks identified by the flag (F0*) specific to the origin file (F0); l) receiving all the identified blocks thus transmitted by the dedicated storage sites in a file of blocks (FR) preserved in the cache memory; m) from the file (FR), creating a first file (FR1) in which all the identified blocks, appearing only once, and a second file (FR2) in which only the blocks stored in more than one dedicated third-party site appear; n) for data integrity checking purposes, comparing, in the file (FR1), and for each block IC_(i), the number of binary elements be_(i) with the value l_(i) indicated in the corresponding “block size” field; o) extracting the binary elements be_(i) from all the blocks of the file (FR1) in the planned order of the order numbers (ON) during the initial formation of the blocks and applying to them a conventional concatenation operation to reconstitute the file (F0_(bis)); p) in order to check the integrity of the files (F0) and (F0_(bis)), comparing the fingerprint F(F0) of the origin file (F0) preserved with its calculation algorithm “ae”, in the memory of the management centre with the new fingerprint F(F0_(bis)) calculated according to the same algorithm “ae”.
6. The method according to claim 5, further comprising encrypting the digital data contained in the blocks of the file of blocks (FB) according to appropriate encryption modes “ectm” (algorithms and keys), that can vary from block to block, thus transforming the file (FB) into a file (FB*) containing the encrypted data; for security purposes, an encryption table (Ectt) is established enabling matching between a block determined by its single identification code (IC) and the encryption modes “ectm” implemented to encrypt the data of said block; said encryption table (Ectt) is intended to be combined with said mapping table (MT) to establish the second type of final mapping table (ECT) indicating, for each block, the single matching between identification code (IC), number “j” and addresses of the third-party storage sites “si” and encryption mode “ectm”; rather than working on several mapping tables and then combining them, it is also possible to work directly on the final mapping table, wherein, since the encryption option has been selected to enhance confidentiality of the data stored, the implementation of steps k) and l) leads in the same way to said file (FR), but this thereby contains a set of blocks in which the data are encrypted; their encryption occurs, at this stage of the process, using the final mapping table (ECT) preserved in the memory and providing, under these conditions, the essential piece of information related to the encryption mode “ectm” matching each block (IC); the other steps from m) to p) remain functionally unchanged.
7. The method according to claim 5, wherein the method enables calculation according to several possible algorithms “ae” the fingerprint F of each block formed and formatted in step e) and to build in parallel a fingerprint table (FT) establishing the single link between block identification code (IC) and fingerprint (F) of said block associated with the algorithm “ae” used; said fingerprint table (FT) is then combined with: either the mapping table (MT) to form the third type of final mapping table (FMT), with three columns uniquely connecting for each block, identification code (IC), number and addresses of the storage third-party sites (j, si) and fingerprint plus algorithm (F, ae), or the encrypted mapping table (Ectt) to form the fourth type of final mapping table (FHMT) with four columns uniquely connecting, for each block, identification code (IC), number and addresses of the storage third-party sites (j, si), fingerprint plus algorithm (F, ae), and encryption mode (ectm); regardless of the final mapping table (MT, FMT, ECT, FHMT) obtained, it is transferred into the system memory and appropriately secured; rather than working on several mapping tables and then combining them, it is also possible to work directly on the final mapping table, wherein, since the fingerprint calculation option of each block has been selected to enhance data integrity, the implementation of steps k) and l) leads, in the same way, to said file (FR) from which the fingerprint Fi′ of each block is calculated with the same algorithm ae_(i) preserved in the memory in the final mapping table (FMT) for each block IC_(i); it is sufficient to compare the fingerprints Fi′ and F_(i) to reinforce, in case of equality, the integrity quality of data after storing them.
8. The method according to claim 7, wherein the method enables a modulation of the security level (SL) suitable for storing or archiving a set of digital data gathered in an origin file (F0); a decision table (DT) defines the combinations of the functional modes and operational parameters which result in different determined security levels (SL), wherein said security level (SL) can be selected upon entering the origin file (F0); the functional modes and operational parameters defining a security level (SL) relate to: the number “k” of blocks; the size “l” of the blocks (fixed/variable); the total number of dedicated sites “j”; the number of copies, that is the number of different sites storing the same block; performing (Yes/No) the calculation of fingerprints (F); performing (Yes/No) the data encryption process; after selecting a given security level (SL), the processor of the CPU takes into account the functional modes and operational parameters defined in the decision table (DT) matching the selected security level (SL) and transfers them into a further auxiliary cache memory connected to the CPU and reserved to the modes and parameters used for obtaining said security level (SL) and then the CPU performs the respective instructions associated with said selection, as has been already described; the different final mapping tables (MT, FMT, ECT, FHMT) are transferred into the system memory and appropriately secured; further comprising encrypting the digital data contained in the blocks of the file of blocks (FB) according to appropriate encryption modes “ectm” (algorithms and keys) that can vary from block to block, thus transforming the file (FB) into a file (FB*) containing the encrypted data; for security purposes, an encryption table (Ectt) is established enabling matching between a block determined by its single identification code (IC) and the encryption modes “ectm” implemented to encrypt the data of said block; said encryption table (Ectt) is intended to be combined with said mapping table (MT) to establish the second type of final mapping table (ECT) indicating, for each block, the single matching between identification code (IC), number “j” and addresses of the third-party storage sites “si” and encryption mode “ectm”; rather than working on several mapping tables and then combining them, it is also possible to work directly on the final mapping table, wherein, since the encryption option has been selected to enhance confidentiality of the data stored, the implementation of steps k) and l) leads in the same way to said file (FR), but this thereby contains a set of blocks in which the data are encrypted; their encryption occurs, at this stage of the process, using the final mapping table (ECT) preserved in the memory and providing, under these conditions, the essential piece of information related to the encryption mode “ectm” matching each block (IC); the other steps from m) to p) remain functionally unchanged wherein the implementation of the decision table (DT) can lead, in order to guarantee a maximum data securement, to the simultaneous selection of the encryption options of these data and the block fingerprint calculation; under these conditions, steps k) and l) lead, in the same way, to said file (FR) the blocks of which will undergo the encryption process and the comparison test of the block fingerprint values; to do this, the mapping table (FHMT), preserved in the memory, will provide the information necessary insofar as it respectively associates the identification code (IC) of the block, the encryption mode “ectm”, the fingerprint value and its calculation mode (F, ae); the other steps from m) to p) remain functionally unchanged.
9. The method of claim 1, wherein the useful characteristic related to said block is the single identification code.
10. The method according to claim 2, wherein the method enables calculation according to several possible algorithms “ae” the fingerprint F of each block formed and formatted in step e) and to build in parallel a fingerprint table (FT) establishing the single link between block identification code (IC) and fingerprint (F) of said block associated with the algorithm “ae” used; said fingerprint table (FT) is then combined with: either the mapping table (MT) to form the third type of final mapping table (FMT), with three columns uniquely connecting for each block, identification code (IC), number and addresses of the storage third-party sites (j, si) and fingerprint plus algorithm (F, ae), or the encrypted mapping table (Ectt) to form the fourth type of final mapping table (FHMT) with four columns uniquely connecting, for each block, identification code (IC), number and addresses of the storage third-party sites (j, si), fingerprint plus algorithm (F, ae), and encryption mode (ectm); regardless of the final mapping table (MT, FMT, ECT, FHMT) obtained, it is transferred into the system memory and appropriately secured; rather than working on several mapping tables and then combining them, it is also possible to work directly on the final mapping table.
11. The method according to claim 2, wherein the method enables a modulation of the security level (SL) suitable for storing or archiving a set of digital data gathered in an origin file (F0); a decision table (DT) defines the combinations of the functional modes and operational parameters which result in different determined security levels (SL), wherein said security level (SL) can be selected upon entering the origin file (F0); the functional modes and operational parameters defining a security level (SL) relate to: the number “k” of blocks; the size “l” of the blocks (fixed/variable); the total number of dedicated sites “j”; the number of copies, that is the number of different sites storing the same block; performing (Yes/No) the calculation of fingerprints (F); performing (Yes/No) the data encryption process; after selecting a given security level (SL), the processor of the CPU takes into account the functional modes and operational parameters defined in the decision table (DT) matching the selected security level (SL) and transfers them into a further auxiliary cache memory connected to the CPU and reserved to the modes and parameters used for obtaining said security level (SL) and then the CPU performs the respective instructions associated with said selection, as has been already described; the different final mapping tables (MT, FMT, ECT, FHMT) are transferred into the system memory and appropriately secured.
12. The method according to claim 3, wherein the method enables a modulation of the security level (SL) suitable for storing or archiving a set of digital data gathered in an origin file (F0); a decision table (DT) defines the combinations of the functional modes and operational parameters which result in different determined security levels (SL), wherein said security level (SL) can be selected upon entering the origin file (F0); the functional modes and operational parameters defining a security level (SL) relate to: the number “k” of blocks; the size “l” of the blocks (fixed/variable); the total number of dedicated sites “j”; the number of copies, that is the number of different sites storing the same block; performing (Yes/No) the calculation of fingerprints (F); performing (Yes/No) the data encryption process; after selecting a given security level (SL), the processor of the CPU takes into account the functional modes and operational parameters defined in the decision table (DT) matching the selected security level (SL) and transfers them into a further auxiliary cache memory connected to the CPU and reserved to the modes and parameters used for obtaining said security level (SL) and then the CPU performs the respective instructions associated with said selection, as has been already described; the different final mapping tables (MT, FMT, ECT, FHMT) are transferred into the system memory and appropriately secured.
13. The method according to claim 10, wherein the method enables a modulation of the security level (SL) suitable for storing or archiving a set of digital data gathered in an origin file (F0); a decision table (DT) defines the combinations of the functional modes and operational parameters which result in different determined security levels (SL), wherein said security level (SL) can be selected upon entering the origin file (F0); the functional modes and operational parameters defining a security level (SL) relate to: the number “k” of blocks; the size “l” of the blocks (fixed/variable); the total number of dedicated sites “j”; the number of copies, that is the number of different sites storing the same block; performing (Yes/No) the calculation of fingerprints (F); performing (Yes/No) the data encryption process; after selecting a given security level (SL), the processor of the CPU takes into account the functional modes and operational parameters defined in the decision table (DT) matching the selected security level (SL) and transfers them into a further auxiliary cache memory connected to the CPU and reserved to the modes and parameters used for obtaining said security level (SL) and then the CPU performs the respective instructions associated with said selection, as has been already described; the different final mapping tables (MT, FMT, ECT, FHMT) are transferred into the system memory and appropriately secured.